IT AUDIT FUNDAMENTALS

- Analysis of the IT Audit function and its contribution to the company's mission and strategy - Definition of the roles and responsibilities of the IT Audit function - Relationships with governance and risk management - Differences between internal and external auditing. - In-depth analysis of the role of IT Audit within the company and how it collaborates with other auditors and experts.

- An in-depth look at establishing, managing, and monitoring internal and IT controls - The purpose of IT internal controls and their contribution to achieving business objectives - Identifying the different types of controls and distinguishing between IT risk and related controls - Differences between preventive, detective, and corrective controls - Evaluating controls and defining the benefits of a risk-based audit - The Agile approach to auditing - Defining audit risks and how to reduce them

- Conducting IT audits: the different types and related procedures, objectivity, and professional care - Specialized assessments (e.g., vulnerability) and related scanning and testing activities (e.g., penetration). - Audit Advisory, consulting roles, and services to improve the value, quality, and control of IT systems - Purposes of independent third-party assurance or attestation and their use - Planning and conducting IT audits in compliance with professional standards - Collecting and evaluating different types of audit evidence - Using data analysis tools to streamline audit processes - Collecting reports, findings, and recommendations for stakeholders - Audit follow-up and evaluating how risk has been addressed

- Description and assessment of the most common IT infrastructure components - Identifying concerns related to hardware, software, operating systems, and networks - Conducting periodic IT infrastructure reviews - Evaluating database structures and their management - Cloud Computing: characteristics, risks, and control - Evaluating change, configuration, release, and patch management policies and practices - Business Continuity, Disaster Recovery, and Data Backup

- Perimeter network security: protecting data, assets, and company information - Risks and controls related to Windows and UNIX®/Linux operating systems - Description of security vulnerabilities and risks of mobile (web) apps - Security and risk assessment related to the use of Windows Active Directory and Oracle - Analysis of corporate information security and privacy policies and practices - Assessing the protection of corporate media and mobile devices

- AI (Artificial Intelligence): basic concepts, expert systems, and associated risks - Big Data: technical/operational risks for the company and approaches for adequate risk management - Blockchain: corporate use of methodologies and assessment of the blockchain technology control environment - IoT: device types, value, and risks for the company - Cybersecurity: key processes and associated controls.